ISO IEC 19785-4:2010 pdf download – Information technology — Common Biometric Exchange Formats Framework — Part 4: Security block format specifications.
4.4 Abbreviated terms defined in RFC 3852

For the purposes of this document, the following abbreviated term in RFC 3852 applies: CRL.

5 Security block format: general purpose

5.1 Security block format owner

ISO/IEC JTC 1/SC 37

5.2 Security block format owner identifier

257 (0101 Hex). This identifier has been assigned in accordance with ISO/IEC 19785-2 to ISO/IEC JTC 1/SC 37 as a CBEFF biometric organization.

5.3 Security block format name

ISO/IEC JTC 1/SC 37 CBEFF general-purpose security block format

5.4 Security block format identifier

1 (0001 Hex). This has been registered in accordance with ISO/IEC 19785-2 when DER encodings (see ISO/IEC 8825-1) are applied.

2 (0002 Hex). This has been registered in accordance with ISO/IEC 19785-2 when canonical PER encodings (see ISO/IEC 8825-2) are applied.

3 (0003 Hex). This has been registered in accordance with ISO/IEC 19785-2 when canonical XER encodings (see ISO/IEC 8825-3) are applied.

5.5 ASN.1 object identifier for this security block format

5.5.1 The case of DER encodings

    {iso registration-authority cbeff(19785) organizations(0) jtc-sc37(257) sb-formats(3) general-purpose(0) der-encoding(1)}

or, in XML value notation,

    1.1.19785.0.257.3.0.1

5.5.2 The case of canonical PER encodings

    {iso registration-authority cbeff(19785) organizations(0) jtc-sc37(257) sb-formats(3) general-purpose(0) per-encoding(2)}

or, in XML value notation,

    1.1.19785.0.257.3.0.2

5.5.3 The case of canonical XER encodings

    {iso registration-authority cbeff(19785) organizations(0) jtc-sc37(257) sb-formats(3) general-purpose(0) xer-encoding(3)}

or, in XML value notation,

    1.1.19785.0.257.3.0.3

5.6 Domain of use

The general-purpose security block is designed for applications that require integrity and/or encryption, and optionally inclusion of ACBio instances.

5.7 Version identifier

This security block format specification has a version identifier of (major 0, minor 0).

5.8 Format specification and conformance statement

5.8.1 General

5.8.1.1 In this part of ISO/IEC 19785, a CBEFF security block is defined as the ASN.1 (see ISO/IEC 8824) type CBEFFSecurityBlock which is a sequence of the ASN.1 type CBEFFSecurityBlockElement.

    CBEFFSecurityBlock ::= SEQUENCE OF CBEFFSecurityBlockElement

    CBEFFSecurityBlockElement ::= CHOICE {
        elementCBEFFSB            ContentInfoCBEFFSB,
        subBlockForACBio          SubBlockForACBio,
        accumulatedACBioInstances ACBioInstances
    }

5.8.1.2 There are three alternatives for the type CBEFFSecurityBlockElement. These are ContentInfoCBEFFSB, SubBlockForACBio, or ACBioInstances. CBEFFSecurityBlockElement carries information about the integrity of the concatenation of the SBH and the BDB or encryption of the BDB. The latter two carry information on ACBio which is specified in ISO/IEC 24761.

5.8.1.3 The type ContentInfoCBEFFSB is defined as:

    ContentInfoCBEFFSB ::= SEQUENCE {
        contentType CONTENT-TYPE.&id({ContentTypeCBEFF}),
        content     [0] EXPLICIT CONTENT-TYPE.&Type({ContentTypeCBEFF}{@contentType})
    }

NOTE This type replaces the type ContentInfo in RFC 5911. The first component of this type can take only four object identifiers, namely id-envelopeRelatedData, id-encryptionRelatedData, id-signatureRelatedData, or id-authenticationRelatedData, while that of the type ContentInfo in RFC 5911 can take other object identifiers.

This type can occur two times at most in the CBEFFSecurityBlock sequence, once to support integrity and once to support encryption.
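
The identifiers in 5.2, 5.4 and 5.5 can be cross-checked before a security block is handed to a DER, PER or XER decoder, so that a block whose identifiers disagree is rejected rather than parsed. The following Python code is an added example and is not part of ISO/IEC 19785-4; the function names, and the assumption that the caller holds the owner and format identifiers as integers plus an optional DER-encoded OID, are illustrative.

```python
# Added example: constants are taken from clauses 5.2, 5.4 and 5.5 above.
SB_FORMAT_OWNER = 0x0101                    # 257, ISO/IEC JTC 1/SC 37
ENCODING_BY_FORMAT_TYPE = {1: "DER", 2: "canonical PER", 3: "canonical XER"}
OID_PREFIX = (1, 1, 19785, 0, 257, 3, 0)    # up to and including general-purpose(0)


def encode_oid_der(arcs):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06) from a tuple of arcs."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid first two arcs")
    body = bytearray()
    for value in (arcs[0] * 40 + arcs[1],) + tuple(arcs[2:]):
        chunk = [value & 0x7F]              # last octet has the high bit clear
        while value > 0x7F:
            value >>= 7
            chunk.append(0x80 | (value & 0x7F))
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID too long for a short-form length octet")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid_der(data):
    """Strictly decode a short-form DER OBJECT IDENTIFIER into a tuple of arcs."""
    if len(data) < 3 or data[0] != 0x06 or data[1] != len(data) - 2 or data[1] > 127:
        raise ValueError("not a well-formed short-form DER OID")
    values, current, started = [], 0, False
    for byte in data[2:]:
        if not started and byte == 0x80:
            raise ValueError("non-minimal subidentifier")   # padding is not DER
        current, started = (current << 7) | (byte & 0x7F), True
        if not byte & 0x80:
            values.append(current)
            current, started = 0, False
    if started:
        raise ValueError("truncated subidentifier")
    first = min(values[0] // 40, 2)
    return (first, values[0] - 40 * first) + tuple(values[1:])


def sb_encoding(owner, format_type, oid_der=None):
    """Return the encoding rules for a general-purpose SB, rejecting mismatches."""
    if owner != SB_FORMAT_OWNER or format_type not in ENCODING_BY_FORMAT_TYPE:
        raise ValueError("not the SC 37 general-purpose security block format")
    if oid_der is not None and decode_oid_der(oid_der) != OID_PREFIX + (format_type,):
        raise ValueError("OID does not match the format identifier")
    return ENCODING_BY_FORMAT_TYPE[format_type]
```
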